Everything posted by digip

  1. Also, check what USB settings are enabled for the VM. If your box only has USB 3.0, this might be an issue (from some googling of others with issues). Try setting the VM to use USB v1.1 or 2.0, and make sure in the BIOS it's capable. USB 3.0 only might not have great support in the VMs, so make sure to set one or the other and try again, see what happens.
  2. I know that with my TP-Link card, it is on the back of the card itself; it shows the revision # as V2.1. On the Alfa cards, mine doesn't show anything like that, but I have an AR9271-based AWUS036NHA that works fine for me. One thing I want you to try: boot a real machine with a live disc of Kali and try it while in live mode. Not from a VM, but from real hardware, either with your desktop or, if you have one, a laptop. Plug the card in, do a dmesg, make sure it was seen, then try the above I posted before: kill the network service, run airmon-ng check, kill anything it lists, then start the card in monitor mode, and when running airodump-ng, be sure to set the channel your AP is on with -c #, where # is the channel number. I know that sounds weird, but I want to rule something out. Also, what version of USB is the machine (real hardware, not VM)? Make sure USB 2.0 is enabled in the BIOS if you can. If 3.0, try a 2.0 slot if you have each. If it's a 1.0 or 1.1, not sure it will work 100%. Same goes for the VM, you might have to actually tell it to use 1.0 and not 2.0 on the VM itself, but using native hardware in a live disc boot should give us a better idea what happens. If it doesn't work there, then it's not the VM; it may be the actual machine itself, or the card version you have is just a flake and not going to work without proper firmware and drivers for whatever is required for the chipset. You can see people with the same card having issues, and others not, so it's definitely hit or miss with the NEH models of the card, just not sure all the factors involved that cause the flaky issues.
  3. Please don't post stuff about sites used to attack people on the internet. You want to learn about this sort of thing, use a VM hosted web server on your own LAN to test with.
  4. Few things. 1, try VMware, not VirtualBox. VirtualBox has issues with wifi dongles and isn't the best for wifi tools; I don't know why, it doesn't ever work for me on my system. VMware has great support for USB wifi dongles, just make sure to pass the USB to the guest system, and you should have a more stable setup. If you get it working in VBox, more power to you, I just don't have the patience for VBox in this respect. Works fine for a Kali VM, so long as you don't need wifi capabilities, but that has been my experience. YMMV. 2, what revision of the card do you have? While the card should work out of the box, depending on the chip revision, it won't. I have a TP-Link card with the same issue; monitor mode doesn't work properly on it, even though it's the same TL-WN722N listed to work. Only revision V1.0 of my TP-Link card has drivers, and I have a revision V2.1, so this is something to look into if your card has similar changes to it. It could be the problem with the chipset and no proper driver support, and you may need to install updated drivers (if available). I had to use some hacked version from GitHub someone wrote, which gave me partial support for AP mode and no proper monitor mode. 3, run airmon-ng check kill. Make sure nothing is causing issues, like dhclient, network manager, wicd, etc. I personally kill all the network services, samba, etc., and make sure to start the card from airmon like so:

     systemctl stop network-manager.service
     systemctl stop smbd
     killall -9 dhclient
     ifconfig wlan0 down
     airmon-ng check kill
     airmon-ng check (if nothing listed)
     airmon-ng start wlan0
     airodump-ng -c # wlan0mon -w dump

     In the above airodump-ng command, for -c # replace "#" with the channel number you want to capture on. Don't bring it up without selecting a channel, or it hops all 1-14 by default, and doesn't work as well for capturing specific access points and handshakes.
     You can run it without initially to look for your AP, get its channel #, then stop and restart on that specific channel for best stable results and capturing.
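The "run it once without a channel, read the channel, restart locked to it" step above can be done from the CSV that `airodump-ng -w dump` writes (dump-01.csv) instead of by eye. The script below is an added example, not digip's code or part of the post: it parses the access-point and station tables of a constructed CSV in airodump-ng's layout, returns the channel of the AP you own (by ESSID or BSSID), lists the clients associated with it (a 4-way handshake needs at least one), and builds the channel-locked airodump-ng command line. The MAC addresses, ESSIDs and timestamps are made up.

```python
"""Find an AP's channel in an airodump-ng CSV and build the channel-locked rerun.

Added example, not from the original post.  `airodump-ng -w dump` writes
dump-01.csv with an access-point table followed by a station table; SAMPLE_CSV
is a constructed file in that layout, not a real capture.
"""
from typing import List, Optional, Tuple

# Constructed airodump-ng CSV: two APs, one associated client, one unassociated.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2017-06-01 10:00:00, 2017-06-01 10:00:30,  6,  54, WPA2, CCMP, PSK, -40,       12,        0,   0.  0.  0.  0,   7, HomeLab,
66:77:88:99:AA:BB, 2017-06-01 10:00:01, 2017-06-01 10:00:29, 11,  54, WPA2, CCMP, PSK, -70,        8,        0,   0.  0.  0.  0,   9, Neighbour,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2017-06-01 10:00:05, 2017-06-01 10:00:28, -50,       20, 00:11:22:33:44:55, HomeLab
CC:DD:EE:FF:00:11, 2017-06-01 10:00:06, 2017-06-01 10:00:27, -60,        3, (not associated),
"""


def _sections(text: str) -> Tuple[List[List[str]], List[List[str]]]:
    """Split the CSV into AP rows and station rows (each row = stripped fields)."""
    aps: List[List[str]] = []
    stations: List[List[str]] = []
    current: Optional[List[List[str]]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("BSSID,"):
            current = aps          # header of the access-point table
            continue
        if line.startswith("Station MAC,"):
            current = stations     # header of the station table
            continue
        if current is not None:
            current.append([f.strip() for f in line.split(",")])
    return aps, stations


def parse_access_points(text: str) -> List[dict]:
    """One dict per AP row: bssid, channel, privacy, essid."""
    result = []
    for f in _sections(text)[0]:
        if len(f) < 15:
            continue  # truncated row (airodump killed mid-write)
        try:
            channel = int(f[3])
        except ValueError:
            channel = -1  # airodump reports -1 until it has seen the channel
        result.append({
            "bssid": f[0].upper(),
            "channel": channel,
            "privacy": f[5],
            # ESSID is column 13; commas inside an ESSID spill into extra
            # columns before the trailing Key column, so re-join them.
            "essid": ",".join(f[13:-1]),
        })
    return result


def find_channel(text: str, essid: Optional[str] = None,
                 bssid: Optional[str] = None) -> Optional[int]:
    """Channel of the AP matching essid or bssid; None if absent or not yet known."""
    for ap in parse_access_points(text):
        if (essid is not None and ap["essid"] == essid) or \
           (bssid is not None and ap["bssid"] == bssid.upper()):
            return ap["channel"] if ap["channel"] > 0 else None
    return None


def associated_clients(text: str, bssid: str) -> List[str]:
    """Station MACs currently associated with bssid (column 5 of the station table)."""
    return [s[0].upper() for s in _sections(text)[1]
            if len(s) > 5 and s[5].upper() == bssid.upper()]


def airodump_command(iface: str, channel: int, bssid: str, prefix: str) -> List[str]:
    """argv for the channel-locked capture of a single AP."""
    return ["airodump-ng", "-c", str(channel), "--bssid", bssid, "-w", prefix, iface]


if __name__ == "__main__":
    chan = find_channel(SAMPLE_CSV, essid="HomeLab")
    clients = associated_clients(SAMPLE_CSV, "00:11:22:33:44:55")
    print("channel:", chan, "associated clients:", clients)
    if chan is not None:
        print(" ".join(airodump_command("wlan0mon", chan, "00:11:22:33:44:55", "dump")))
```

Locking on `--bssid` as well as `-c` keeps airodump-ng from filling the capture with the neighbour's traffic; if `associated_clients` comes back empty there is nothing to deauth and no handshake to wait for.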
  5. If it's behind NAT, about the only thing you can do (if you can't set up a DMZ or port forwarding) is outward connecting. Clients trying to use the proxy won't be able to connect. Also, how do the clients know to use your proxy? What are you using for the proxy to handle client connections? Doesn't make much difference if they can't reach it, but just curious how you think this proxy thing works.
  6. Just a thought, try using Kali? Can be installed when using "apt install kali-linux-wireless" which has all the wifi radio tools you'll need, wifite, pixie, etc.
  7. Masscan. Will scan very quickly. Can miss some ports, but for general network discovery, it works. Also, nmap can do it quickly if you add -n (no DNS) and only scan for hardware, i.e. an ARP sweep for nodes only, no ports. Then you can individually port scan each one if needed after you get a list of nodes; just use nmap to output to greppable format to save to a file, which can then be scanned with masscan import for port scanning, or just use nmap. If using nmap specifically, be sure to set timeouts; just add -v --open to catch open ports, as with timeouts found ports won't show at the end of the scan without it.
  8. Read the page. It describes what works and doesn't, what is needed, but also that it was a POC, and not fully functional. It requires specific hardware and drivers to manage the attack and a setup scenario in place that allows the attack to happen, i.e. QoS, TKIP, no AES encryption on the router side with WPA. It is not a WEP attack, although the chop-chop part, I gather from aireplay-ng, was meant more as an example to explain the method of attack, not that you would use a WEP chop-chop attack for things like IVs. * Note, I stated incorrectly "PTW attack". It was worked on by one of the authors of the PTW attack (which is for a specific type of WEP attack, see - https://www.aircrack-ng.org/doku.php?id=supported_packets ).
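The two-stage approach in that post (nmap ping sweep to greppable output, then a port scan of only the live hosts) needs the -oG file parsed. The script below is an added example, not digip's code or part of the post: it pulls the "Status: Up" hosts out of a constructed `nmap -sn -n -oG` sweep, pulls only the ports in state "open" out of a constructed `-oG` port scan (the Ports: field is port/state/proto/owner/service/rpcinfo/version/), and builds the masscan command that reads the saved host list with `-iL`. The addresses and service names are made up.

```python
"""Parse nmap greppable (-oG) output and build the masscan follow-up.

Added example, not from the original post.  Both samples are constructed to
match the -oG layout (tab-separated Host: / Status: / Ports: fields); they are
not real scan results.
"""
import re
from typing import Dict, List, Tuple

# Constructed output of: nmap -sn -n -oG hosts.gnmap 192.168.1.0/24
SAMPLE_PING_SWEEP = (
    "# Nmap 7.40 scan initiated Thu Jun  1 10:00:00 2017 as: nmap -sn -n -oG hosts.gnmap 192.168.1.0/24\n"
    "Host: 192.168.1.1 ()\tStatus: Up\n"
    "Host: 192.168.1.10 ()\tStatus: Up\n"
    "Host: 192.168.1.20 ()\tStatus: Down\n"
    "# Nmap done at Thu Jun  1 10:00:03 2017 -- 256 IP addresses (2 hosts up) scanned in 2.91 seconds\n"
)

# Constructed output of: nmap -n -v --open -oG ports.gnmap -iL hosts.txt
SAMPLE_PORT_SCAN = (
    "# Nmap 7.40 scan initiated Thu Jun  1 10:05:00 2017 as: nmap -n -v --open -oG ports.gnmap -iL hosts.txt\n"
    "Host: 192.168.1.1 ()\tStatus: Up\n"
    "Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/filtered/tcp//https///\tIgnored State: closed (997)\n"
    "Host: 192.168.1.10 ()\tStatus: Up\n"
    "Host: 192.168.1.10 ()\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: closed (999)\n"
    "# Nmap done at Thu Jun  1 10:05:40 2017 -- 2 IP addresses (2 hosts up) scanned in 40.12 seconds\n"
)

_HOST = re.compile(r"^Host:\s+(\S+)")        # address right after "Host:"
_STATUS = re.compile(r"\tStatus:\s+(\w+)")    # Up / Down
_PORTS = re.compile(r"\tPorts:\s+([^\t]+)")   # everything up to the next tab


def up_hosts(gnmap: str) -> List[str]:
    """Hosts reported 'Status: Up', in file order, without duplicates."""
    hosts: List[str] = []
    for line in gnmap.splitlines():
        h, s = _HOST.match(line), _STATUS.search(line)
        if h and s and s.group(1) == "Up" and h.group(1) not in hosts:
            hosts.append(h.group(1))
    return hosts


def open_ports(gnmap: str) -> Dict[str, List[Tuple[int, str, str]]]:
    """host -> [(port, proto, service)] for ports whose state is exactly 'open'."""
    result: Dict[str, List[Tuple[int, str, str]]] = {}
    for line in gnmap.splitlines():
        h, p = _HOST.match(line), _PORTS.search(line)
        if not (h and p):
            continue
        for entry in p.group(1).split(","):
            parts = entry.strip().split("/")
            # port/state/proto/owner/service/rpcinfo/version/
            if len(parts) < 5 or parts[1] != "open":
                continue  # filtered, closed, or a malformed entry
            result.setdefault(h.group(1), []).append((int(parts[0]), parts[2], parts[4]))
    return result


def masscan_command(hostfile: str, ports: str = "1-65535", rate: int = 1000) -> List[str]:
    """argv to port-scan the saved host list with masscan (-iL reads targets from a file)."""
    return ["masscan", "-p" + ports, "--rate", str(rate), "-iL", hostfile]


if __name__ == "__main__":
    hosts = up_hosts(SAMPLE_PING_SWEEP)
    print("live hosts:", hosts)          # write these to hosts.txt for -iL
    print(" ".join(masscan_command("hosts.txt")))
    for host, ports in open_ports(SAMPLE_PORT_SCAN).items():
        print(host, ports)
```

Keep the rate modest on a real LAN: masscan at high rates is what causes it to miss ports, which is the trade-off the post mentions.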
  9. You're talking about a PTW attack, which Tkiptun-ng does. Only works on systems that use TKIP without AES, which most systems today, that use WPA with AES, or WPA2, aren't vulnerable to. Has to be specific to the attack. https://www.aircrack-ng.org/doku.php?id=tkiptun-ng explains in more detail.
  10. 2 can play that game Mr! And I said it first..lol (don't lock the thread...just us meandering standard nerds..)
  11. If we go into OS wars, they all lose; nothing is any more secure than your best use practices, don't care what it is. If it's a shiny silver vs. black box comparison, then ok, 'cause I can't justify the purchase of their expensive product(s) when the same money can buy me more stuff with usage that works for more things than only on a Mac/Apple device and hardware.
  12. If your USB tool isn't set up with UEFI, it more than likely won't boot properly. Needs to have the EFI files on the USB to boot when UEFI is enabled (which it should be for Windows 8.0 and later).
  13. 1, she's a spy and looks like her phone(but just a guess), 2, I don't think Hak5 has any control over what a movie does with a picture of a pineapple. Not like Hak5 invented the fruit or have exclusive rights over the imagery of said fruit..not sure what you're implying.
  14. When done right, /proc is usually mounted read only by root with no SUID and can't be changed or remounted(easily). I wouldn't expect to see too many attacks with /proc in the path. Can look for /proc/self/cwd/ which lets you append any path after it for LFI, but that also requires misconfiguration or already vulnerable system that someone setup to use it.
  15. Be careful if/when they root the VM box and spread to your real network. When doing this, I'd be running the VM from a throw away box as well, and the rest of your devices offline when the honeypot is on the network. If they escape the VM, they could possibly harm the host machine, and the rest of the network.
  16. If it's UEFI boot, get a live disc ISO that has EFI boot capabilities, and you can then grab the SAM file and crack the passwords offline (or while booted live). A live disc of Kali 2017.1 should have EFI by default on it (I know the KDE version of 2017.1 does). [Note, it has the files after an install and update, but not to boot UEFI without using a USB and something like Rufus.] You can then boot in EFI mode, apt-get update and install ophcrack's basic NT password list (can also throw a larger one on USB and mount and use it for the crack list), then crack the passwords. If you can't crack them, then, if needed, you can also replace the NT passwords with chntpw. Google it. Should be fairly quick to change the password.
  17. VLC won't know what to do with it if it's not linked to playable files it recognizes with full URL paths to the files. Without looking, I imagine the files are more parted files, either more lists of m3u8 files, or links to .ts files which it combines on the fly to reduce buffering large video files, but also probably relative links, not full URLs to the files, so it won't know where they are. Save the m3u8 and open it in a text editor, then find all the files and download all of them, and continue till you find the video file. If they are blob files, they aren't always downloadable depending on what is in the file, and are usually a reference for a streamed-only file, similar to rtmp files.
  18. mdk3 deauths everything, which ideally is not something you're going to be doing without reason. Read up on the tool(s), give it a try yourself. Requires a compatible wifi card, but you can use mdk3 like a sledgehammer, or preferably try aireplay-ng if you just want to test a single AP you own in a more testable approach for just your equipment.
  19. It sends deauths, like aireplay can, only you don't have to specify a specific router; it looks for and sends to all it can see in the area. It's not really an actual frequency/radio jammer, just a wifi deauth tool.
  20. mdk3, as above, kills all wifi (within range, I should say). You can set white and black lists with mdk3 though, just read the help file. It's used generally for capturing the 4-way handshake when you want to use airodump with it, or you can be a dick and just kill your neighbors' wifi all day long. Some routers might reboot or crash, and others might ignore it altogether, but clients generally have no protection.
  21. Hak5 hak shop stuff is not exactly the fan base stuff, so when you sell items for profit with the Hak5 product logos, I would think they take some issue. If they made and donated, like for free, to something, or with proceeds going to something like HFC, I can see it being more community based and something others get behind, but I can't foresee them being pleased by the eBay shirts. It's just one of those things that you aren't going to be able to prevent from happening, and you either live with it, or let the lawyers handle it, since they get paid to worry about it. Infringement is still infringement.
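The "save the m3u8, open it in a text editor, find all the files" step in that post is mostly a matter of turning relative references into absolute URLs. The script below is an added example, not digip's code or part of the post: it walks a constructed HLS master playlist and a constructed media playlist, joins each variant playlist, media segment and AES-128 key URI against the playlist's own URL with `urllib.parse.urljoin`, and reports whether the file is a master playlist (more playlists to chase) or a media playlist (segments to download). The hostnames under `.example` are placeholders.

```python
"""Resolve the references inside an m3u8 playlist to absolute URLs.

Added example, not from the original post.  HLS playlists normally refer to
variant playlists, segments and key files by relative path, so a saved .m3u8
is only useful once each URI is joined against the playlist's own URL.  Both
playlists below are constructed; the hosts are placeholders.
"""
import re
from typing import List
from urllib.parse import urljoin

# Constructed master playlist: two variant playlists with relative paths.
MASTER = """\
#EXTM3U
#EXT-X-STREAM-INF:BANDWIDTH=1400000,RESOLUTION=1280x720
720p/index.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=2800000,RESOLUTION=1920x1080
1080p/index.m3u8
"""

# Constructed media playlist: relative segments, one absolute segment, an AES-128 key.
MEDIA = """\
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXT-X-KEY:METHOD=AES-128,URI="key.bin",IV=0x00000000000000000000000000000001
#EXTINF:10.0,
seg0.ts
#EXTINF:10.0,
seg1.ts
#EXTINF:9.5,
https://other.example/cdn/seg2.ts
#EXT-X-ENDLIST
"""

_KEY_URI = re.compile(r'URI="([^"]+)"')


def parse_playlist(text: str, playlist_url: str) -> dict:
    """Classify the playlist and return absolute URLs for everything it references.

    Returns {"is_master": bool, "variants": [...], "segments": [...], "keys": [...]}.
    The URI for a #EXT-X-STREAM-INF or #EXTINF tag is the next non-tag line.
    """
    variants: List[str] = []
    segments: List[str] = []
    keys: List[str] = []
    pending = None  # what the next bare line is: "variant" or "segment"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#EXT-X-STREAM-INF"):
            pending = "variant"
        elif line.startswith("#EXTINF"):
            pending = "segment"
        elif line.startswith("#EXT-X-KEY"):
            m = _KEY_URI.search(line)
            if m:  # the key file is fetched just like a segment
                keys.append(urljoin(playlist_url, m.group(1)))
        elif line.startswith("#"):
            continue  # any other tag or comment
        else:
            url = urljoin(playlist_url, line)  # absolute URIs pass through unchanged
            if pending == "variant":
                variants.append(url)
            elif pending == "segment":
                segments.append(url)
            pending = None
    return {"is_master": bool(variants), "variants": variants,
            "segments": segments, "keys": keys}


def all_downloads(text: str, playlist_url: str) -> List[str]:
    """Every URL that has to be fetched from this playlist: keys, then playlists, then segments."""
    p = parse_playlist(text, playlist_url)
    return list(p["keys"]) + list(p["variants"]) + list(p["segments"])


if __name__ == "__main__":
    base = "https://cdn.example/video/"
    for url in all_downloads(MASTER, base + "master.m3u8"):
        print("playlist:", url)
    for url in all_downloads(MEDIA, base + "720p/index.m3u8"):
        print("fetch:", url)
```

If a playlist turns out to be a master, feed each variant URL back through `parse_playlist` with that variant's URL as the base, since its segments are relative to the variant playlist, not to the master.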
  22. "mdk3 wlan0 d" on any linux system with compatible card, will do the same thing. If you have a raspberry pi already, then you can save yourself $5.
  23. You don't have permissions to chmod the file, since you are not root, or in the adm group.
  24. CEH certified.

    What roles do you want to go into in infosec? Incident response, pentesting, network or software/application security? There are a number of areas, many of which I can't even name, so it depends on what you're into and where you want to end up in your career. Read up on everything you can get your hands on, and do the video circuit with what you have access to, i.e. SecurityTube, Cybrary.it, YouTube, etc. CompTIA's Security+ study materials are also a good intro if you're completely new to the fundamentals and terms used. Don't just memorize books to pass the CEH. Certs are great on a resume, but getting your hands dirty with more than book theory is the only thing that will really make things click. Practice physically with hands-on tools and scenarios using a home lab and pre-made vulnerable systems (like Vulnhub stuff) so you understand why something does what it does and how to fix/defend, and attack the vulnerabilities. Combine that knowledge with what you're reading in the CEH exam guide and things will make more sense than just regurgitating book terms from CEH materials.
  25. It's not Hak5, it's pirated artwork for sale, and a common practice among eBay sellers from outside the US (and even in the US), and Amazon is one of the worst when it comes to resellers. Next to impossible to get something removed on Amazon. A DMCA takedown notice would need to be filed with proof of ownership of the artwork. I hope Hak5 has a good lawyer for this. Not the easiest thing to get sites to remove your stolen artwork. I speak from experience with the same issues of my own artwork sold on shirts by other retailers, with Amazon being the worst at this. Hopefully eBay isn't the same way.